Deploying SREs with the same name to two different SHMs linked to the same Entra fails

[craddm]

✅ Checklist

• I have searched open and closed issues for duplicates.
• This is a problem observed when deploying a Data Safe Haven.
• I can reproduce this with the latest version.
• I have read through the documentation.
• This isn't an open-ended question (open a discussion if it is).

💻 System information

• Operating System: debian bookwom
• Data Safe Haven version: develop

📦 Packages

List of packages

Paste list of packages here

🚫 Describe the problem

In principle, since it is possible to deploy multiple SHMs linked to the same Entra ID, it is possible to deploy multiple SREs with the same name also linked to the same Entra ID.

In practice, although it is possible to begin deploying a second SRE with the same name, this fails when creating Entra security groups for the SRE.

The name of the security group only references the SRE name, not the SHM name.

Pulumi correctly detects that the groups already exist, won't allow creation of new groups with the same name, and thus causes an error.

This is an edge case we are unlikely to fix.

🌳 Log messages

Relevant log messages

2024-11-25 20:25:28,028 - CRITICAL - Pulumi error:  +  azuread:index:Group sre_entra_group_privileged_user_group_name creating (1s) error:   sdk-v2/provider2.go:520: sdk.helper_schema: An existing "azuread_group" with name "Data Safe Haven SRE kermit Privileged Users" (ID: "301d93e7-148d-481e-bdf6-57163075d7a9") was found and `prevent_duplicate_names` was specified: To be managed via Terraform, this resource needs to be imported into the State. Please see the resource documentation for "azuread_group" for more information.: [email protected]
2024-11-25 20:25:28,030 - CRITICAL - Pulumi error:  +  azuread:index:Group sre_entra_group_privileged_user_group_name creating (1s) error: 1 error occurred:
2024-11-25 20:25:28,031 - CRITICAL - Pulumi error:  +  azuread:index:Group sre_entra_group_privileged_user_group_name **creating failed** error: 1 error occurred:
2024-11-25 20:25:28,032 - CRITICAL - Pulumi error:   error:   sdk-v2/provider2.go:520: sdk.helper_schema: An existing "azuread_group" with name "Data Safe Haven SRE kermit Users" (ID: "02d706d1-7d2c-4316-bf59-1200b6546e89") was found and `prevent_duplicate_names` was specified: To be managed via Terraform, this resource needs to be imported into the State. Please see the resource documentation for "azuread_group" for more information.: [email protected]
2024-11-25 20:25:28,033 - CRITICAL - Pulumi error:  +  azuread:index:Group sre_entra_group_user_group_name creating (1s) error: 1 error occurred:
2024-11-25 20:25:28,034 - CRITICAL - Pulumi error:  +  azuread:index:Group sre_entra_group_user_group_name **creating failed** error: 1 error occurred:
2024-11-25 20:25:28,035 - CRITICAL - Pulumi error:   error:   sdk-v2/provider2.go:520: sdk.helper_schema: An existing "azuread_group" with name "Data Safe Haven SRE kermit Administrators" (ID: "5aab41f4-ba65-42b2-a69b-5fcff29437f7") was found and `prevent_duplicate_names` was specified: To be managed via Terraform, this resource needs to be imported into the State. Please see the resource documentation for "azuread_group" for more information.: [email protected]
2024-11-25 20:25:28,036 - CRITICAL - Pulumi error:  +  azuread:index:Group sre_entra_group_admin_group_name creating (2s) error: 1 error occurred:
2024-11-25 20:25:28,036 - CRITICAL - Pulumi error:  +  azuread:index:Group sre_entra_group_admin_group_name **creating failed** error: 1 error occurred:
2024-11-25 20:25:28,037 - CRITICAL - Pulumi error:  +  pulumi:pulumi:Stack data-safe-haven-shm-green-sre-kermit creating (15s) error: update failed
2024-11-25 20:25:28,038 - CRITICAL - Pulumi error:     error:   sdk-v2/provider2.go:520: sdk.helper_schema: An existing "azuread_group" with name "Data Safe Haven SRE kermit Users" (ID: "02d706d1-7d2c-4316-bf59-1200b6546e89") was found and `prevent_duplicate_names` was specified: To be managed via Terraform, this resource needs to be imported into the State. Please see the resource documentation for "azuread_group" for more information.: [email protected]
2024-11-25 20:25:28,038 - CRITICAL - Pulumi error:     error: update failed
2024-11-25 20:25:28,039 - CRITICAL - Pulumi error:     error:   sdk-v2/provider2.go:520: sdk.helper_schema: An existing "azuread_group" with name "Data Safe Haven SRE kermit Administrators" (ID: "5aab41f4-ba65-42b2-a69b-5fcff29437f7") was found and `prevent_duplicate_names` was specified: To be managed via Terraform, this resource needs to be imported into the State. Please see the resource documentation for "azuread_group" for more information.: [email protected]
2024-11-25 20:25:28,039 - CRITICAL - Pulumi error:     error: 1 error occurred:
2024-11-25 20:25:28,039 - CRITICAL - Pulumi error:     error:   sdk-v2/provider2.go:520: sdk.helper_schema: An existing "azuread_group" with name "Data Safe Haven SRE kermit Privileged Users" (ID: "301d93e7-148d-481e-bdf6-57163075d7a9") was found and `prevent_duplicate_names` was specified: To be managed via Terraform, this resource needs to be imported into the State. Please see the resource documentation for "azuread_group" for more information.: [email protected]
2024-11-25 20:25:28,040 - CRITICAL - Pulumi error:     error: 1 error occurred:
2024-11-25 20:25:28,040 - CRITICAL - Pulumi error:     error: 1 error occurred:
2024-11-25 20:25:28,041 - CRITICAL - Pulumi error:  stderr: 
2024-11-25 20:25:28,041 - ERROR - Pulumi update failed.
2024-11-25 20:25:28,041 - ERROR - Pulumi deployment failed.

♻️ To reproduce

Deploy two SHMs linked to the same Entra ID. Deploy an SRE to each SHM, using the same SRE name for each one.